From 34a1960ada740a1a3e357e2e185b172ecbef5d84 Mon Sep 17 00:00:00 2001
From: TejaRajK <503401523@ge.com>
Date: Thu, 9 May 2024 22:21:35 +0530
Subject: [PATCH] Update os_spec.rb Fixing inspec issue with latest linux-baseline version
---
 controls/os_spec.rb | 30 +++++++++++++++++++++---------
 1 file changed, 21 insertions(+), 9 deletions(-)
diff --git a/controls/os_spec.rb b/controls/os_spec.rb
index f6902ed..d5fe0bd 100644
--- a/controls/os_spec.rb
+++ b/controls/os_spec.rb
@@ -312,10 +312,14 @@
 title 'Check mountpoints for noexec mount options'
 desc 'Use the noexec mount options to limit attack vectors via mount points'

- mount_exec_blocklist.each do |mnt_point|
- next unless mount(mnt_point).mounted?
+ def mounted_mount_points
+ mount_exec_blocklist.select do |mount_point|
+ mount(mount_point)&.mounted?? true : nil
+ end
+ end

- describe mount(mnt_point) do
+ mounted_mount_points.each do |mount_point|
+ describe mount(mount_point) do
 its('options') { should include('noexec') }
 end
 end
@@ -326,10 +330,14 @@
 title 'Check mountpoints for nosuid mount options'
 desc 'Use the nosuid mount options to limit attack vectors via mount points'

- mount_suid_blocklist.each do |mnt_point|
- next unless mount(mnt_point).mounted?
+ def mounted_mount_points(blocklist)
+ blocklist.select do |mount_point|
+ mount(mount_point)&.mounted?? true : nil
+ end
+ end

- describe mount(mnt_point) do
+ mounted_mount_points(mount_suid_blocklist).each do |mount_point|
+ describe mount(mount_point) do
 its('options') { should include('nosuid') }
 end
 end
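Review bot: The `select` block in `mounted_mount_points` ends in `mount(mount_point)&.mounted?? true : nil`, where the ternary adds nothing (`select` already keeps entries on truthiness) and the `&.` turns a nil resource into a silently skipped mount point, so its `noexec` expectation is never evaluated. The removed line called `.mounted?` directly and would have raised instead; whether `mount` can return nil is not visible in this hunk. I would write the block body as `mount(mount_point).mounted?`, or keep `&.` with a comment naming the case it guards against. The same line appears in the nosuid and nodev hunks below.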
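Review bot: `mounted_mount_points(blocklist)` is defined here and again, line for line, in the nodev hunk, while the noexec hunk defines the same name with no parameter and a hard-coded `mount_exec_blocklist`. Three `def`s of one name with two arities inside control bodies are easy to get wrong, and depending on how the control body is evaluated (not visible here) a later definition may replace an earlier one. I would define the one-argument helper once, outside the controls if the profile allows it, and call `mounted_mount_points(mount_exec_blocklist).each do |mount_point|` in the noexec control as well.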
@@ -340,10 +348,14 @@
 title 'Check mountpoints for nodev mount options'
 desc 'Use the nodev mount options to limit attack vectors via mount points'

- mount_dev_blocklist.each do |mnt_point|
- next unless mount(mnt_point).mounted?
+ def mounted_mount_points(blocklist)
+ blocklist.select do |mount_point|
+ mount(mount_point)&.mounted?? true : nil
+ end
+ end

- describe mount(mnt_point) do
+ mounted_mount_points(mount_dev_blocklist).each do |mount_point|
+ describe mount(mount_point) do
 its('options') { should include('nodev') }
 end
 end
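Review bot: Missing documentation on the filter: `mounted_mount_points(mount_dev_blocklist)` drops every path that is not a mounted filesystem, so on a host where none of the blocklist paths are separate mounts this control generates no `describe` block and `nodev` is not verified at all. That behaviour predates this change (the removed `next unless` did the same), but the helper is a good place to record it, for example `# Unmounted paths are skipped: an empty result means nothing was checked, not that nodev is set`. The same applies to the noexec and nosuid controls above.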